Weekly Vulnerabilities Reports > May 5 to 11, 2008
Overview
3 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 1 high severity vulnerability. This weekly summary reports vulnerabilities in 7 products from 6 vendors including PHP, Fedoraproject, Canonical, Apple, and Debian. The vulnerabilities are notably categorized as "Missing Release of Resource after Effective Lifetime", "Insufficient Entropy", and "Incorrect Calculation of Buffer Size".
- 3 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities are exploitable by an anonymous user.
- PHP has the most reported vulnerabilities, with 2 reported vulnerabilities.
- PHP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-05-07 | CVE-2008-2108 | PHP, Fedoraproject, Canonical, Debian | Insufficient Entropy vulnerability in multiple products. The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | 9.8 |
2008-05-05 | CVE-2008-0599 | PHP, Fedoraproject, Canonical, Apple | Incorrect Calculation of Buffer Size vulnerability in multiple products. The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | 9.8 |
1 High Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2008-05-09 | CVE-2008-2122 | IBM | Missing Release of Resource after Effective Lifetime vulnerability in IBM Rational Build Forge 7.0.2. IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets. | 7.5 |
0 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|